getting_started_with_docker

Getting Started with Docker

This guide provides a hands-on introduction to fundamental Docker commands, covering running containers, managing images, the container lifecycle, and some advanced interactions with Docker Hub.

(Assumption: Examples may use custom images like xxradar/hackon. You can substitute with standard images like ubuntu or alpine for many commands, but functionality might differ if specific tools from the custom image are expected.)

1. Running Your First Container (Quick Way)

The docker run command is a quick way to download an image (if not present locally) and start a container from it.

# This command starts a container from the 'xxradar/hackon' image,
# names it 'my-demo', runs it interactively (-it), and removes it
# automatically when it exits (--rm).
docker run -it --rm --name my-demo xxradar/hackon

2. Understanding Docker Images and Containers

2.1 Searching for Images on Docker Hub

Docker Hub is a public registry of Docker images. You can search for images using docker search.

docker search ubuntu

2.2 Finding Image Tags (Versions)

Images often have different versions, identified by tags. You can query the Docker Hub API to list tags for an image.

Using curl and jq (a JSON processor) to list tags for the official ubuntu image:

curl 'https://registry.hub.docker.com/v2/repositories/library/ubuntu/tags/' | jq '."results"[]["name"]'

Example for a user-specific image (xxradar/fqdnsan_scan):

# The -k flag might be needed if there are SSL certificate issues with a specific custom domain/registry,
# but generally not required for registry.hub.docker.com.
curl 'https://registry.hub.docker.com/v2/repositories/xxradar/fqdnsan_scan/tags/' | jq '."results"[]["name"]'

(Removed -k as it's typically not needed for Docker Hub.)

2.3 Pulling Images

Download images from a registry to your local machine using docker image pull.

# Pull the 'latest' tag (default if no tag is specified)
docker image pull ubuntu

# Pull a specific version, e.g., 18.04
docker image pull ubuntu:18.04

List your local images:

docker image ls

3. Managing Container Lifecycle

Let's explore the different states of a container.

3.1 Creating a Container

The docker container create command creates a writable container layer from an image but does not start it.

docker container create -it --name my-ubuntu ubuntu

List all containers (including stopped ones) to see my-ubuntu:

docker container ls -a

3.2 Starting a Container

Start a previously created container.

# Replace 'e4f3ea7d1827' with the actual ID of 'my-ubuntu' from 'docker container ls -a', or use the name.
# The -i flag (interactive) is useful if you want to attach to it later.
docker container start my-ubuntu # or docker container start -i my-ubuntu
# docker container start e4f3ea7d1827

Check its status:

docker container ls -a # 'my-ubuntu' should now show as 'Up'

3.3 Attaching to a Container

If a container is running interactively (e.g., started with -i and has an interactive process like a shell), you can attach your terminal to its input/output.

docker container attach my-ubuntu
# If this was a shell, you could type commands.
# To exit the attached shell and stop the container, you might type 'exit'.
# exit

After exiting, check the status:

docker container ls -a # The container might be stopped if its main process ended.

Detaching: To detach from an attached container without stopping it, use the escape sequence Ctrl+P followed by Ctrl+Q.

3.4 Stopping a Container

If a container is running (e.g., in detached mode or attached in another terminal), you can stop it:

docker container stop my-ubuntu

3.5 Removing a Container

Once a container is stopped, you can remove it. You cannot remove a running container without forcing it (-f).

docker container rm my-ubuntu

Verify removal:

docker container ls -a

4. Managing Images

4.1 Removing an Image

You can remove an image if no containers (even stopped ones) are using it.

docker image ls
# Attempt to remove the 'ubuntu' image (latest tag)
docker image rm ubuntu
# If it fails, it might be because 'my-ubuntu' (if not removed) or other containers depend on it.
# Or if 'ubuntu:18.04' is still referenced by a container.
docker image ls

5. Cleaning Up Docker Resources

Here are commands to clean up multiple Docker resources. Use with caution, especially prune commands, as they can remove data.

Stop all running containers:
```
# docker container stop $(docker ps -q)
```
(Note: docker ps -a -q lists all containers, docker ps -q lists only running ones. For stopping, docker ps -q is correct.)
Remove all stopped containers:
```
docker container rm $(docker ps -a -f status=exited -q)
```
(Clarified: this removes containers that have exited. To remove all containers (running ones must be stopped first or use docker rm -f), you'd use docker rm $(docker ps -a -q) after stopping them.) Alternatively, to remove all containers (running or stopped, forcing removal for running ones):
```
# docker container stop $(docker ps -q) && docker container rm $(docker ps -a -q)
# Or, more directly to remove all stopped containers:
docker container prune -f
```

Remove all images:(Caution: This will remove all images not currently used by any container. If you want to remove ALL images, including those used by stopped containers, you might need to remove those containers first.)

# docker image rm $(docker image ls -a -q) # Corrected 'list' to 'ls'
# A safer way to remove dangling images (those not tagged and not referenced by any container):
docker image prune -f
# To remove all unused images (not just dangling):
docker image prune -a -f

System Prune (The "hard way"): This command removes all stopped containers, all networks not used by at least one container, all dangling images, and all build cache.
```
docker system prune
```
To also remove all unused images (not just dangling) and all volumes not used by at least one container:
```
# docker system prune -a --volumes
```
(Added --volumes as an option for even more aggressive cleanup.)

6. Advanced: Interacting with Docker Hub API

This section demonstrates how to use curl and jq to interact with the Docker Hub registry API, for example, to get image manifest details and download layers.

(This is an advanced topic, primarily for understanding Docker's internals.)

6.1 Fetching Image Layer Blobsums (Example: `ubuntu:latest`)

Get an authentication token:

export TOKEN=$(curl --silent "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/ubuntu:pull" | jq -r '.token')
echo "Acquired Token: $TOKEN"

(Removed --header 'GET' as it's default for curl. Added echo for token.)

Get the image manifest and extract layer blobsums:

curl --silent --request GET --header "Authorization: Bearer ${TOKEN}" \
'https://registry-1.docker.io/v2/library/ubuntu/manifests/latest' \
| jq -r '.fsLayers[].blobSum'

6.2 Fetching and Extracting an Image Layer (Example: `xxradar/hackon`)

Get token for xxradar/hackon:

export TOKEN=$(curl --silent "https://auth.docker.io/token?service=registry.docker.io&scope=repository:xxradar/hackon:pull" | jq -r '.token')
echo "Acquired Token for xxradar/hackon: $TOKEN"

Get manifest and a specific blobsum: (Assuming you pick one blobsum from the output of a similar manifest fetch for xxradar/hackon)

# First, get all blobsums for xxradar/hackon:latest
# curl --silent --request GET --header "Authorization: Bearer ${TOKEN}" \
# 'https://registry-1.docker.io/v2/xxradar/hackon/manifests/latest' \
# | jq -r '.fsLayers[].blobSum'

# Let's say one of the blobsums obtained is:
export BLOBSUM="sha256:5667fdb72017d1fb364744ca1abf7b6f3bbe9c98c3786f294a461c2866db69ab" # Example from original

Download the layer blob: The layer is a gzipped tarball.

curl --silent --location --request GET --header "Authorization: Bearer ${TOKEN}" \
"https://registry-1.docker.io/v2/xxradar/hackon/blobs/${BLOBSUM}" \
> "${BLOBSUM#sha256:}.tar.gz"

(Changed output filename to be more descriptive, e.g., 5667fd...db69ab.tar.gz)

Analyze the layer: Create a separate directory to untar and inspect the layer's contents.

mkdir analyse_layer
mv "${BLOBSUM#sha256:}.tar.gz" ./analyse_layer/
cd analyse_layer
tar -zxvf "${BLOBSUM#sha256:}.tar.gz"
# Now explore the extracted files and directories
cd ..

(Corrected zxfv and used variable for filename.)

6.3 Alternative: Using `docker image save`

A simpler way to inspect all layers of an image locally is to save it as a tarball and then extract it. This tarball contains all layers and metadata.

Pull the image (if not already local):
```
docker image pull xxradar/hackon
```

Save the image to a tarball:

docker image save xxradar/hackon -o hackon_image.tar

Extract the main tarball and inspect layers: In a new, separate directory:

mkdir analyse_saved_image
mv hackon_image.tar ./analyse_saved_image/
cd analyse_saved_image
tar -xf hackon_image.tar
# You will find a manifest.json file listing layers, and subdirectories for each layer (often named by their ID or as .tar files).
# Example: find . -name '*.tar' | xargs -I {} sh -c 'mkdir -p layer_{}; tar -xf {} -C layer_{}'
cd ..

(Changed output to hackon_image.tar and tar -xf. Added example for extracting sub-tarballs.)

Home

Previousdockerscan Nexthandy_things

Last updated 6 months ago